INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services...

Post on 21-Aug-2020

0 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services...

1

FIRST TC / TF-CSIRT Las Palmas, January 27th 2015

Javier Berciano

INTECO-CERT team update

2

INTECO INCIBE

3

Coordination SETSI-SES

SETSI-SESagreement

CRITICAL INFRAESTRUCTURE

PROTECTION

FIGHT AGAINST CYBERCRIME AND CYBERTERRORISM

AWARENESS AND TRAINING

4

INTECO-CERT CERTSI

+

5

Services

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

Enterprises and citizensincidencias@certsi.es

Critical infrastructurespic@certsi.es

24x7x365

6

Services

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

MICS

C&C

SPAM

Samples

FastFlux

Open Resolver

Threats

URLs

bots

7

Services

0day vulnerabilities reports

General software

SCADA software

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

8

Services

Design: APT behaviour scenario with 3 phases

• Phase 1: Social engineering

• Phase 2: Internal pentest

• Phase 3: Incident handling scenario

15 critical infrastructures operators involved

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

9

Services

Learn for protect

OSINT reports

Cheatsheets

Best practices

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

10

AntiBotnet service

Facts:

5,8 millions botnet related evidences daily

Close to 74.000 unique Spanish IP addresses infected

Information from 570 sinkholes with 83 different botnets

11

Goals:

Botnet mitigation and disinfection

Realtime IP check service

End user reporting

AntiBotnet service

12

Analysis and information processing

End-user identification and

notifications generation

Feed (bots)

CyberSecurity Intelligence Engine

BOTNET EVIDENCES DATABASE

TRUSTED SOURCES

DETECTION

Analysis of Threats

Metrics

END USER

ANTIBOTNET SERVICE URL + Botnet Ticket

Threat Information and disinfection Tools

Awareness and Prevention

AntiBotnet service

13

Online IP check

AntiBotnet service

14

Chrome extension

AntiBotnet service

15

Detailed information about threat

AntiBotnet service

Disinfection tools (AV cleaners)

16

GFzo

torpig

28/10/14

xxx

1.1.1

AntiBotnet service

17

AntiBotnet service

18

Thank you!Javier Berciano

javier.berciano@incibe.es

Questions?

Top related

INTECO-CERT - TERENA...INTECO-CERT Collaboration Projects ü Collects information from a PC suspected of being modified by malicious code in order to determinate whether the PC is
 Documents
Study on Security and e-Trust in the Small and Micro Spanish Companies - Executy Sumary - English Version. By INTECO
 Documents
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
 Technology
Inteco Profile
 Documents
A Simpler Way of Finding 0day - Exploit Database · A Simpler Way of Finding 0day . Robert Graham . David Maynor . Errata Security . Abstract: Instead of reverse engineering vulnerabilities
 Documents
Www.salima.eu 17–20/2/2016, Brno Exhibition Centre SALIMA / VINEX - MBK - INTECO International Food Fairs.
 Documents
0day OuTian OuTian Joomla 1.0/1.5beta2 (latest) upload file mishandling vulnerability.
 Documents
INTECO un Nuevo Modelo para un Nuevo Milenio Por: Oscar Jiménez Presidente INTECO un Nuevo Modelo para un Nuevo Milenio Por: Oscar Jiménez Presidente.
 Documents
Inteco and NIST Cooperation
 Documents
Practical Guide for Secure Use of the Electronic Dni On the Internet - English Version. By INTECO
 Documents
Exodusintel.com. What to Expect discoveryexploitation Hand-holding through 0day discovery and exploitation.
 Documents
A Simpler Way of Finding 0day
 Documents
Study on the Security and Etrust in the Small Micro and Spanish Companies - English Version. By INTECO
 Documents
APT - Hunting 0Day Malware
 Technology
The IPO of the 0day - Immunity IncFuel the ego (require 0day discovery) Open the ports (they need IRC like a fish needs water) Encourage normal working hours by demonstrating all the
 Documents
A Simpler Way of Finding 0day - Black Hat Briefings
 Documents
NATIONAL NETWORK FOR SPAM MONITORING · 20th Annual FIRST Conference on Computer Security Incident Handling. 2 Summary 1. INTECO and INTECO-CERT 2. Spam Monitoring Network 1. Sensors
 Documents
IntEco Case 2 GravityModel XRate Exports HrushikeshMallick
 Documents
DISTURBANCE REJECTION EXPERIMENTAL IN 3D INTECO …jestec.taylors.edu.my/Special Issue_ISSC_2016/ISSC 2016... · 2017. 9. 11. · Disturbance Rejection Experimental in 3D INTECO Gantry
 Documents
INTECO-CERT - FIRST - Improving Security Together · INTECO-CERT Jorge Chinea López INTECO-CERT relations coordinator January, 2009 26th TF-CSIRT Meeting FIRST Symposium
 Documents

Copyright © 2022 FDOCUMENTS